The Microsoft Virtual Machine (VM) contains a critical vulnerability that could allow a remote attacker to gain control of affected machines, according to security bulletin MS03-011.

The vulnerability, which occurs in code for a VM process called the ByteCode Verifier, could enable an attacker to use illegal sequences of byte codes to bypass security checks in the software, Microsoft said.

The ByteCode Verifier process is responsible for checking code as it is loaded into the Virtual Machine, the company said.

Attackers could launch an attack using a Java applet embedded in a Web page or HTML format e-mail message. Once compromised, a vulnerable machine could be used to run the attacker's code, though only with the permission of the active user account, Microsoft said.